Content deleted Content added
Citation bot (talk | contribs) Add: date. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 72/583 |
Moving in edits from User:Llightex/Open_Source_Security_Foundation -- expanded information about activities, added logo to infobox |
||
Line 1:
{{Short description|Industry forum on software security}}
{{Infobox organization
| logo = OpenSSF_logo.svg
| predecessor = Core Infrastructure Initiative
| abbreviation = OpenSSF
| formation = {{Start date and age|2020}}
| type = [[Nonprofit organization|Nonprofit]]
| purpose = Consolidating industry efforts to improve the security of open source software
| key_people =
| leader_title = General Manager
| leader_name = Omkhar Arasaratnam
| leader_title2 = Chief Technology Officer
| leader_name2 = [[Brian Behlendorf]]
| parent_organization = Linux Foundation
| volunteers =
| slogan =
Line 19 ⟶ 24:
| endowment =
| employees =
| membership = 94<ref>{{Cite web |title=Members |url=https://openssf.org/about/members/ |access-date=2023-05-22 |website=Open Source Security Foundation |language=en-US}}</ref>
| website = {{Official URL}}
}}
The '''Open Source Security Foundation''' (OpenSSF) is a cross-industry forum for a collaborative effort to improve [[open-source software security]].<ref>{{cite web|url=https://www.infoq.com/news/2020/08/open-source-security-foundation/|title=Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation|website=infoq.com|accessdate=10 August 2022}}</ref><ref>{{cite web|url=https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/|title=Uniting for better open-source security: The Open Source Security Foundation|website=ZDNet|accessdate=10 August 2022}}</ref> Part of the [[Linux Foundation]], the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.<ref>{{Cite web |date=2022-06-21 |title=OpenSSF details advancements in open-source security efforts |url=https://venturebeat.com/security/openssf-details-advancements-in-open-source-security-efforts/ |access-date=2023-01-10 |website=VentureBeat |language=en-US}}</ref>
==History==
The list of founding governing board members includes [[GitHub]], [[Google]], [[IBM]], [[JPMorgan Chase]], [[Microsoft]], [[NCC Group]], [[OWASP|OWASP Foundation]] and [[Red Hat]].<ref name="openssf">{{cite web|url=https://openssf.org/press-release/2020/08/03/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security/|title=Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security - Open Source Security Foundation|website=openssf.org|date=3 August 2020 |accessdate=10 August 2022}}</ref> Other founding members include [[GitLab]], [[HackerOne]], [[Intel]], [[Okta (identity management)|Okta]], [[Purdue]], [[Uber]], and [[VMware]].<ref name="openssf" />▼
▲The OpenSSF was formed in August 2020 as the successor to the [[Core Infrastructure Initiative]], another Linux Foundation project.<ref>{{Cite web |last=Anderson |first=Tim |title=Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns |url=https://www.theregister.com/2020/08/03/linux_foundation_forms_openssf/ |access-date=2023-05-22 |website=www.theregister.com |language=en}}</ref><ref>{{Cite web |title=Home |url=https://www.coreinfrastructure.org/ |access-date=2023-01-20 |website=Core Infrastructure Initiative |language=en-US}}</ref> The list of founding governing board members includes [[GitHub]], [[Google]], [[IBM]], [[JPMorgan Chase]], [[Microsoft]], [[NCC Group]], [[OWASP|OWASP Foundation]] and [[Red Hat]].<ref name="openssf">{{cite web|url=https://openssf.org/press-release/2020/08/03/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security/|title=Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security - Open Source Security Foundation|website=openssf.org|date=3 August 2020 |accessdate=10 August 2022}}</ref> Other founding members include [[GitLab]], [[HackerOne]], [[Intel]], [[Okta (identity management)|Okta]], [[Purdue]], [[Uber]], and [[VMware]].<ref name="openssf" />
In October 2021, [[Brian Behlendorf]] was announced as the OpenSSF's first full-time General Manager.<ref>{{Cite web |date=2021-10-13 |title=Tech giants commit $10M annually to Open Source Security Foundation |url=https://venturebeat.com/business/tech-giants-commit-10m-annually-to-open-source-security-foundation/ |access-date=2023-05-22 |website=VentureBeat |language=en-US}}</ref> In May 2023, OpenSSF announced Omkhar Arasaratnam as its new General Manager, and Behlendorf became CTO of the organization.<ref>{{Cite web |last=danwillis |date=2023-05-12 |title=Cross-industry organisation OpenSSF snaps up $5m |url=https://fintech.global/2023/05/12/cross-industry-organisation-openssf-snaps-up-5m/ |access-date=2023-05-22 |website=FinTech Global |language=en-GB}}</ref>
==Activity==
===Working Groups and Projects===
The OpenSSF houses various initiatives under its working groups.<ref>{{Cite web |last=Zorz |first=Mirko |date=2023-05-18 |title=Enhancing open source security: Insights from the OpenSSF on addressing key challenges |url=https://www.helpnetsecurity.com/2023/05/18/brian-behlendorf-openssf-open-source-security/ |access-date=2023-05-22 |website=Help Net Security |language=en-US}}</ref> The OpenSSF currently has eight working groups:<ref>{{Cite web |title=OpenSSF Working Groups |url=https://openssf.org/community/openssf-working-groups/ |access-date=2023-05-22 |website=Open Source Security Foundation |language=en-US}}</ref>
* Best Practices for Open Source Developers
* Securing Software Repositories
* End Users
* Security Tooling
* Identifying Security Threats in Open Source Projects
* Supply Chain Integrity
* Securing Critical Projects
* Vulnerability Disclosures
The OpenSSF also houses two projects: the code signing and verification service [[Sigstore]]<ref>{{Cite web |last=Vizard |first=Mike |date=2022-10-27 |title=Sigstore Code Signing Service Becomes Generally Available |url=https://devops.com/sigstore-code-signing-service-becomes-generally-available/ |access-date=2023-05-22 |website=DevOps.com |language=en-US}}</ref> and Alpha-Omega, a large-scale effort to improve software supply chain security.<ref>{{Cite web |last=Vaughan-Nichols |first=Steven J. |date=2022-10-06 |title=Alpha-Omega Dishes out Cash to Secure Open Source Projects |url=https://thenewstack.io/alpha-omega-dishes-out-cash-to-secure-open-source-projects/ |access-date=2023-05-22 |website=The New Stack |language=en-US}}</ref>
===Policy===
After the [[Log4Shell]] vulnerability, the White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.<ref>{{Cite web |last=House |first=The White |date=2022-01-14 |title=Readout of White House Meeting on Software Security |url=https://www.whitehouse.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/ |access-date=2023-05-22 |website=The White House |language=en-US}}</ref> In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.<ref>{{Cite web |last=Vaughan-Nichols |first=Steven J. |date=2023-01-24 |title=OpenSSF Aimed to Stem Open Source Security Problems in 2022 |url=https://thenewstack.io/openssf-aimed-to-stem-open-source-security-problems-in-2022/ |access-date=2023-05-22 |website=The New Stack |language=en-US}}</ref><ref>{{Cite web |last=Page |first=Carly |date=2022-05-16 |title=Tech giants pledge $$ to boost open source software security |url=https://techcrunch.com/2022/05/16/white-house-open-source-security/ |access-date=2023-05-22 |website=TechCrunch |language=en-US}}</ref>
==See also==
| |||